SAML and WS-Trust

Wondering what is the difference between SAML and WS-Trust or how they fit together.

Here is my understanding: WS-Trust can issue, validate, renew and assess trust relationships. We have an STS which can issue validate or exchange these tokens, a requester and service provider.

SAML also has a service provider and an identity provider. A service requester is enrolled with at least one identity provider that the service provider trusts. The specification states that it resolves the problem with web browser SSO.

They have STS and identity provider, service requestor and provider, standar message syntax for requesting tokens, But how do they differ and what they address specifically?

The Google SSO Google SSO can be implemented using WS-Trust as following:

1. User gets a token for Google mail from the STS in this case the partner. 2. User sends the request to Google Mail with the token 3. Google mail validates/exchanges it with STS